ComboFix 08-05-15.3 - the MAN 2008-05-19 16:15:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.262 [GMT -4:00]
Running from: C:\Documents and Settings\the MAN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\the MAN\Desktop\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\cryptsvcm.dll
C:\WINDOWS\system32\dmimel.dll
C:\WINDOWS\system32\drivers\arbwrcuv.dat
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\NetworkService\Application Data\xdoignyv
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\profiles.ini
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\cert8.db
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\compatibility.ini
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\compreg.dat
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\cookies.sqlite
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\formhistory.sqlite
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\key3.db
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\localstore.rdf
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\permissions.sqlite
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\places.sqlite-journal
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\places.sqlite
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\pluginreg.dat
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\prefs.js
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\secmod.db
C:\Documents and Settings\NetworkService\Application Data\xdoignyv\Profiles\gx4vndeb.default\xpti.dat
C:\Documents and Settings\the MAN\Application Data\xdoignyv
C:\WINDOWS\system32\dmimel.dll
C:\WINDOWS\system32\drivers\arbwrcuv.dat
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ARBWRCUV
-------\Service_arbwrcuv


(((((((((((((((((((((((((   Files Created from 2008-04-19 to 2008-05-19   )))))))))))))))))))))))))))))))
.

2008-05-18 18:26 . 2008-05-18 18:26  d--------  C:\_OTMoveIt
2008-05-18 18:07 . 2008-05-18 18:07  d--------  C:\Program Files\Sun
2008-05-18 18:06 . 2008-03-25 02:37  69,632  --a------  C:\WINDOWS\system32\javacpl.cpl
2008-05-18 18:01 . 2008-05-18 18:01  d--------  C:\Program Files\Common Files\Java
2008-05-18 01:38 . 2008-05-18 01:38  d--------  C:\Program Files\Trend Micro
2008-05-18 01:36 . 2008-05-18 01:39  d--------  C:\Program Files\Panda Security
2008-05-18 00:03 . 2008-05-18 00:08  d--------  C:\Program Files\SUPERAntiSpyware
2008-05-18 00:03 . 2008-05-18 00:03  d--------  C:\Documents and Settings\the MAN\Application Data\SUPERAntiSpyware.com
2008-05-18 00:03 . 2008-05-18 00:03  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-18 00:02 . 2008-05-18 00:02  d--------  C:\Program Files\Common Files\Wise Installation Wizard
2008-05-17 23:53 . 2008-05-17 23:53  d--------  C:\Documents and Settings\the MAN\Application Data\Malwarebytes
2008-05-17 23:52 . 2008-05-17 23:53  d--------  C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 23:52 . 2008-05-17 23:52  d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 23:52 . 2008-05-05 20:46  27,048  --a------  C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-17 23:52 . 2008-05-05 20:46  15,864  --a------  C:\WINDOWS\system32\drivers\mbam.sys
2008-05-17 23:51 . 2008-05-17 23:51  d--------  C:\Program Files\Common Files\Download Manager
2008-05-17 22:34 . 2008-05-17 22:34  d--------  C:\Documents and Settings\Administrator
2008-05-17 22:34 . 2008-05-19 16:08  1,024  --ah-----  C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-05-17 13:23 . 2008-05-17 13:29  d--------  C:\Program Files\a-squared Free
2008-05-17 13:18 . 2008-05-17 22:33  d--------  C:\Documents and Settings\All Users\Application Data\Avira
2008-05-17 00:38 . 2008-05-19 16:10  d--h-----  C:\$AVG8.VAULT$
2008-05-17 00:36 . 2008-05-19 13:02  d--------  C:\WINDOWS\system32\drivers\Avg
2008-05-17 00:36 . 2008-05-17 00:36  d--------  C:\Program Files\AVG
2008-05-17 00:36 . 2008-05-17 00:36  d--------  C:\Documents and Settings\All Users\Application Data\avg8
2008-05-17 00:36 . 2008-05-17 00:36  96,520  --a------  C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-17 00:36 . 2008-05-17 00:36  10,520  --a------  C:\WINDOWS\system32\avgrsstx.dll
2008-05-16 18:46 . 2008-05-17 09:33  d--------  C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-16 18:22 . 2008-05-17 09:41  d--------  C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-16 14:29 . 2008-05-16 14:29  d--------  C:\Documents and Settings\user\Application Data\Apple Computer
2008-05-15 22:00 . 2008-05-16 18:13  d--------  C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-15 21:55 . 2008-05-15 21:57  100,577,280  --a------  C:\VirusScan.iso
2008-05-14 12:41 . 2008-05-16 18:33  d--------  C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-12 13:22 . 2008-05-12 13:23  d--------  C:\Documents and Settings\user\Application Data\.clamwin
2008-05-10 21:18 . 2008-05-14 15:35  d--------  C:\Program Files\Winpooch
2008-05-03 11:43 . 2008-05-14 16:24  d--------  C:\Program Files\Common Files\Symantec Shared
2008-05-03 11:40 . 2008-05-16 18:35  d-a------  C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-03 11:39 . 2008-05-19 13:09  d--------  C:\Documents and Settings\All Users\Application Data\Google Updater
2008-05-02 12:47 . 2008-05-02 12:47  401  --a------  C:\WINDOWS\system32\Graph.lic
2008-05-02 12:28 . 1993-05-12 00:00  398,416  ---------  C:\WINDOWS\system32\VBRUN300.DLL
2008-05-02 12:27 . 1998-05-31 01:00  89,600  ---------  C:\WINDOWS\system32\mscal.ocx
2008-05-02 12:24 . 2008-05-14 17:09  d--------  C:\Program Files\eNeighborhoods, Inc
2008-05-02 11:39 . 2008-05-14 10:49  d--------  C:\Program Files\Common Files\Mozilla Shared
2008-05-01 12:06 . 2008-05-01 12:06  202,827  --a------  C:\WINDOWS\system32\atasnt40.dll
2008-05-01 12:06 . 2008-05-01 12:06  51,304  --a------  C:\WINDOWS\system32\drivers\atnt40k.sys
2008-05-01 09:23 . 2008-05-01 09:23  1,015,808  --a------  C:\WINDOWS\system32\libeay32.dll
2008-05-01 09:23 . 2008-05-01 09:23  196,608  --a------  C:\WINDOWS\system32\libssl32.dll
2008-05-01 09:23 . 2008-05-01 09:23  20,608  --a------  C:\WINDOWS\system32\drivers\nptrcimj.dat
2008-04-30 16:21 . 2008-04-30 16:46  d--------  C:\Program Files\Spybot - Search & Destroy
2008-04-30 16:21 . 2008-04-30 17:34  d--------  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 22:06  ---------  d-----w  C:\Program Files\Java
2008-05-03 15:39  ---------  d-----w  C:\Program Files\Google
2008-05-02 16:34  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Kodak
2008-05-02 16:33  ---------  d-----w  C:\Program Files\Kodak
2008-05-02 16:24  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-04-11 20:10  ---------  d-----w  C:\Program Files\Common Files\Adobe
2008-04-11 20:07  ---------  d-----w  C:\Program Files\Adobe Media Player
2008-04-11 20:06  ---------  d-----w  C:\Program Files\Common Files\Adobe AIR
2008-04-07 20:14  ---------  d-----w  C:\Documents and Settings\user\Application Data\LimeWire
2004-08-04 04:56  98,304  ----a-w  C:\WINDOWS\inf\DUPLEX811\cscript.exe
2004-08-04 04:56  98,304  ----a-w  C:\WINDOWS\inf\CL7000\cscript.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-05-18_18.42.12.55   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 12:36:57  69,120  ----a-w  C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-05-18 23:29:23  69,120  ----a-w  C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2008-05-18 12:37:16  72,192  ----a-w  C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-05-18 23:29:41  72,192  ----a-w  C:\WINDOWS\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2008-05-18 12:36:19  4,444,160  ----a-w  C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-05-18 23:28:45  4,444,160  ----a-w  C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2008-05-18 12:37:21  483,840  ----a-w  C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-05-18 23:29:47  483,840  ----a-w  C:\WINDOWS\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2008-05-18 12:36:37  3,036,160  ----a-w  C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2008-05-18 23:29:03  3,036,160  ----a-w  C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2008-05-18 12:37:30  258,048  ----a-w  C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-05-18 23:29:55  258,048  ----a-w  C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2008-05-18 12:37:31  113,664  ----a-w  C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2008-05-18 23:29:56  113,664  ----a-w  C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2008-05-18 12:37:17  261,120  ----a-w  C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2008-05-18 23:29:43  261,120  ----a-w  C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2008-05-18 12:36:31  5,431,296  ----a-w  C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-18 23:28:57  5,431,296  ----a-w  C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2008-05-18 12:36:51  10,752  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-05-18 23:29:17  10,752  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2008-05-18 12:36:33  507,904  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2008-05-18 23:28:58  507,904  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2008-05-18 12:36:56  13,312  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-05-18 23:29:22  13,312  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2008-05-18 12:37:05  8,192  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-05-18 23:29:30  8,192  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2008-05-18 12:37:08  77,824  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-05-18 23:29:33  77,824  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2008-05-18 12:37:10  6,656  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-05-18 23:29:35  6,656  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2008-05-18 12:37:33  348,160  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2008-05-18 23:29:58  348,160  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2008-05-18 12:37:34  36,864  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2008-05-18 23:30:00  36,864  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2008-05-18 12:37:37  655,360  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2008-05-18 23:30:02  655,360  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2008-05-18 12:37:38  77,824  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2008-05-18 23:30:04  77,824  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2008-05-18 12:37:11  749,568  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-05-18 23:29:36  749,568  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2008-05-18 12:37:06  110,592  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2008-05-18 23:29:32  110,592  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2008-05-18 12:37:03  372,736  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2008-05-18 23:29:29  372,736  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2008-05-18 12:37:23  28,672  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-05-18 23:29:49  28,672  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2008-05-18 12:37:01  671,744  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-05-18 23:29:27  671,744  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2008-05-18 12:36:21  5,632  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2008-05-18 23:28:47  5,632  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2008-05-18 12:37:27  12,800  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-05-18 23:29:53  12,800  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2008-05-18 12:37:00  32,768  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-05-18 23:29:26  32,768  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2008-05-18 12:36:58  7,168  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-05-18 23:29:24  7,168  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2008-05-18 12:37:13  110,592  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2008-05-18 23:29:38  110,592  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2008-05-18 12:37:14  81,920  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-05-18 23:29:40  81,920  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2008-05-18 12:36:35  425,984  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2008-05-18 23:29:01  425,984  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2008-05-18 12:36:39  741,376  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2008-05-18 23:29:05  741,376  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2008-05-18 12:36:41  933,888  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2008-05-18 23:29:07  933,888  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2008-05-18 12:37:42  5,070,848  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-05-18 23:30:07  5,070,848  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2008-05-18 12:37:35  188,416  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2008-05-18 23:30:01  188,416  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2008-05-18 12:36:52  401,408  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-05-18 23:29:18  401,408  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2008-05-18 12:37:25  81,920  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-05-18 23:29:51  81,920  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2008-05-18 12:36:23  630,784  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-05-18 23:28:49  630,784  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
- 2008-05-18 12:37:28  372,736  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-05-18 23:29:54  372,736  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2008-05-18 12:37:24  258,048  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-05-18 23:29:50  258,048  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2008-05-18 12:37:20  299,008  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-05-18 23:29:46  299,008  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2008-05-18 12:37:18  131,072  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-05-18 23:29:44  131,072  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2008-05-18 12:36:24  258,048  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-05-18 23:28:51  258,048  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2008-05-18 12:36:27  114,688  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-05-18 23:28:53  114,688  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2008-05-18 12:36:47  884,736  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-05-18 23:29:14  884,736  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2008-05-18 12:36:49  90,112  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-05-18 23:29:15  90,112  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2008-05-18 12:36:46  839,680  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-05-18 23:29:12  839,680  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2008-05-18 12:36:54  5,013,504  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-05-18 23:29:20  5,013,504  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2008-05-18 12:36:28  2,068,480  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2008-05-18 23:28:54  2,068,480  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2008-05-18 12:36:44  3,076,096  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2008-05-18 23:29:10  3,076,096  ----a-w  C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2008-05-18 22:29:49  2,048  --s-a-w  C:\WINDOWS\bootstat.dat
+ 2008-05-19 20:20:26  2,048  --s-a-w  C:\WINDOWS\bootstat.dat
+ 2005-10-21 00:02:28  163,328  ----a-w  C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-05-18 12:37:56  85,462  ----a-w  C:\WINDOWS\system32\perfc009.dat
+ 2008-05-18 23:30:20  85,462  ----a-w  C:\WINDOWS\system32\perfc009.dat
- 2008-05-18 12:37:56  476,128  ----a-w  C:\WINDOWS\system32\perfh009.dat
+ 2008-05-18 23:30:20  476,128  ----a-w  C:\WINDOWS\system32\perfh009.dat
- 2008-05-18 12:37:05  8,192  ----a-w  C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2008-05-18 23:29:30  8,192  ----a-w  C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2008-05-18 12:37:30  258,048  ----a-w  C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-05-18 23:29:55  258,048  ----a-w  C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2008-05-18 12:37:31  113,664  ----a-w  C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2008-05-18 23:29:56  113,664  ----a-w  C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 14:50 68856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17 50736]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 06:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 01:05 344064]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 13:08 1347584]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 18:13 176128]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 16:28 684032]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-08 02:19 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-17 00:36 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-05-03 11:39:46 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AIM6\\anotify.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-17 00:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-17 00:36]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-22 01:58]
S2 vxcpyxjq;Mouse Class Monitor;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vxcpyxjq
.
Contents of the 'Scheduled Tasks' folder
"2007-02-08 06:21:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-18 22:30:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 16:21:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Apoint\hidfind.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Apoint\ApntEx.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-05-19 16:26:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 20:25:49
ComboFix2.txt 2008-05-18 22:42:41

Pre-Run: 42,292,056,064 bytes free
Post-Run: 42,283,773,952 bytes free

307 --- E O F --- 2008-05-18 23:33:22
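Three items in the log above are the ones a helper would ask about next: the service `vxcpyxjq` ("Mouse Class Monitor") that is hosted by svchost.exe and is the only non-default entry ComboFix lists under Svchost NetSvcs, the `At1.job` task that launches rundll32.exe, and the two Security Center `DisableNotify` values set to 1. The script below is an added triage example written for this page; it is not part of ComboFix and was not posted by the log's author. It parses the "Drivers/Services" lines, the NetSvcs list, the "Scheduled Tasks" block and the Security Center key in ComboFix's own layout and flags exactly those patterns. The function names, regular expressions and the no-vowel heuristic are this example's assumptions; the embedded sample is an excerpt reproduced from the log above, including the benign AVG and O2Micro service lines so the rules can be seen not firing on them.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Rules implemented (each is an assumption of this example, not a ComboFix
feature):
  * netsvcs-svchost: a name ComboFix lists under 'Svchost - NetSvcs' whose
    service line points at svchost.exe (or has no service line at all);
  * at-job-rundll32: an At<n>.job task (the kind at.exe creates) whose
    target is rundll32.exe;
  * seccenter-notify-off: a Security Center *DisableNotify value equal to 1.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# e.g. 'R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-17 00:36]'
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.+?)\s+\[(?P<stamp>[^\]]+)\]$')
# e.g. '"2008-05-18 22:30:00 C:\WINDOWS\Tasks\At1.job"', target on the next
# line as '- C:\WINDOWS\system32\rundll32.exe' (ComboFix's layout) or inline.
TASK_RE = re.compile(
    r'^"(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<job>.+?\.job)"'
    r'\s*(?:-\s*(?P<target>.+))?$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
SECCENTER_KEY = r'[hkey_local_machine\software\microsoft\security center]'


@dataclass
class Finding:
    kind: str      # which rule fired
    subject: str   # service name, job path or registry value name
    detail: str    # what the log says about it


def looks_random(name: str) -> bool:
    """Secondary signal only: six or more letters and not a single vowel."""
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= 6 and not any(c in 'aeiou' for c in letters)


def triage(log_text: str) -> list[Finding]:
    services, netsvcs, tasks, seccenter = {}, [], [], {}
    section = None
    lines = [ln.strip() for ln in log_text.splitlines()]

    for i, line in enumerate(lines):
        if not line or line == '.':
            section = None                 # ComboFix separates blocks with '.' or blank lines
            continue
        if line.endswith('Svchost - NetSvcs'):
            section = 'netsvcs'
            continue
        if line.lower() == SECCENTER_KEY:
            section = 'seccenter'
            continue
        if line.startswith('['):
            section = None                 # any other registry key header
            continue
        if (m := SERVICE_RE.match(line)):
            services[m['name']] = m.groupdict()
        elif (m := TASK_RE.match(line)):
            target = m['target']
            if target is None and i + 1 < len(lines) and lines[i + 1].startswith('- '):
                target = lines[i + 1][2:].strip()
            tasks.append((m['job'], target))
        elif section == 'netsvcs':
            netsvcs.append(line)
        elif section == 'seccenter' and (m := DWORD_RE.match(line)):
            seccenter[m['name']] = int(m['value'], 16)

    findings = []
    # ComboFix omits the stock NetSvcs members, so every name it lists here is
    # a non-default addition; one hosted in svchost.exe deserves a look.
    for name in netsvcs:
        svc = services.get(name)
        image = svc['image'] if svc else '(no matching service line)'
        if svc is None or image.lower().endswith('svchost.exe'):
            detail = (f"start={svc['start'] if svc else '?'} "
                      f"display={svc['display'] if svc else '?'} image={image}")
            if looks_random(name):
                detail += ' name=random-looking'
            findings.append(Finding('netsvcs-svchost', name, detail))
    # An At<n>.job whose target is only rundll32.exe tells you nothing about
    # the payload; the DLL and entry point live in arguments ComboFix does not print.
    for job, target in tasks:
        base = job.rsplit('\\', 1)[-1]
        if (re.fullmatch(r'At\d+\.job', base, re.IGNORECASE) and target
                and target.lower().endswith('rundll32.exe')):
            findings.append(Finding('at-job-rundll32', job, f'target={target}'))
    for name, value in seccenter.items():
        if name.endswith('DisableNotify') and value == 1:
            findings.append(Finding('seccenter-notify-off', name, f'dword:{value:08x}'))
    return findings


# Excerpt reproduced from the ComboFix log above (the benign AVG and O2Micro
# lines are kept so the rules can be seen not firing on them).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-17 00:36]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-17 00:36]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2005-04-22 01:58]
S2 vxcpyxjq;Mouse Class Monitor;C:\WINDOWS\System32\svchost.exe [2004-08-04 06:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vxcpyxjq
.
Contents of the 'Scheduled Tasks' folder
"2007-02-08 06:21:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-18 22:30:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\rundll32.exe
.
"""

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:22} {f.subject:32} {f.detail}')
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file's contents. The NetSvcs rule relies on ComboFix already having filtered out the default group members, so it should not be pointed at a raw registry export of the NetSvcs value without adding a baseline of legitimate names first.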